diff --git a/flake.lock b/flake.lock index 33b0b4a..fa0e44f 100644 --- a/flake.lock +++ b/flake.lock @@ -189,6 +189,41 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -220,15 +255,16 @@ "treefmt": "treefmt" }, "locked": { - "lastModified": 1705801181, - "narHash": "sha256-vH+n5qMnwFCx3LMON2hQMi9PjMpmTraGYXe1czJTfAg=", - "owner": "hall", + "lastModified": 1711308696, + "narHash": "sha256-Epx4yztlFp3mNPhMKWgiiSp6Q067pxW9o50ak6WFwxg=", + "owner": "pizzapim", "repo": "kubenix", - "rev": "76b8053b27b062b11f0c9b495050cc55606ac9dc", + "rev": "4ee31f48510b89743d83b7681faea1077fe925b7", "type": "github" }, "original": { - "owner": "hall", + "owner": "pizzapim", + "ref": "fix-protocol", "repo": "kubenix", "type": "github" } 
@@ -255,6 +291,66 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixhelm", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1698974481, + "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-kube-generators": { + "locked": { + "lastModified": 1702548734, + "narHash": "sha256-2pREm/iZ1FyyFuukt/B3nud2NYTUImy5vqc2tESoP9g=", + "owner": "farcaller", + "repo": "nix-kube-generators", + "rev": "fb7a70a8cd76aa76fdf3281123582693aec486a7", + "type": "github" + }, + "original": { + "owner": "farcaller", + "repo": "nix-kube-generators", + "type": "github" + } + }, + "nixhelm": { + "inputs": { + "flake-utils": "flake-utils_4", + "nix-kube-generators": "nix-kube-generators", + "nixpkgs": [ + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1711242197, + "narHash": "sha256-UWOb8Aj10O8XshwKA6xVivU0wFfQwVNqLERocVXRgUk=", + "owner": "farcaller", + "repo": "nixhelm", + "rev": "8523ddbdf40f833d3c1421546767513ca57bceea", + "type": "github" + }, + "original": { + "owner": "farcaller", + "repo": "nixhelm", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1710783728, 
@@ -319,6 +415,31 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": "flake-utils_5", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixhelm", + "nixpkgs" + ], + "systems": "systems_8", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1702365004, + "narHash": "sha256-IRFvmyP1uk1hchRVxaXTqu6YoZCvMM/NVtUf2hD2Tag=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "c12ac880114d52a3cad5fa02b00f2e2090e89982", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -328,6 +449,7 @@ "flake-utils": "flake-utils_2", "kubenix": "kubenix", "microvm": "microvm", + "nixhelm": "nixhelm", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable" @@ -423,6 +545,50 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, "treefmt": { "inputs": { "nixpkgs": [ 
@@ -444,6 +610,28 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixhelm", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699786194, + "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index 76a0d4b..0a3f9e0 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,12 @@ }; kubenix = { - url = "github:hall/kubenix"; + url = "github:pizzapim/kubenix/fix-protocol"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixhelm = { + url = "github:farcaller/nixhelm"; inputs.nixpkgs.follows = "nixpkgs"; }; }; diff --git a/kubernetes/kubenix-namespace.yaml b/kubernetes/kubenix-namespace.yaml deleted file mode 100644 index 37ce8b6..0000000 --- a/kubernetes/kubenix-namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubenix diff --git a/nix/flake/kubenix.nix b/nix/flake/kubenix.nix index f6b5762..1d67f18 100644 --- a/nix/flake/kubenix.nix +++ b/nix/flake/kubenix.nix 
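Review bot: The kubenix input in flake.nix now follows the mutable branch `fix-protocol` on the `pizzapim` fork, and nothing in the file records why the fork is needed or when to return to `hall/kubenix`. flake.lock pins rev 4ee31f48510b89743d83b7681faea1077fe925b7, but the next `nix flake update` takes whatever the branch head is at that time, including rewritten history, and this input is the tool that renders the cluster manifests. Assuming the fork is temporary, I would add a comment above the url such as `# Fork of hall/kubenix, branch fix-protocol; switch back once the fix is merged upstream`, and, if the branch is not meant to move, put the locked rev in the url in place of the branch name. The new nixhelm input also brings poetry2nix, nix-github-actions, treefmt-nix and a registry-resolved (`"type": "indirect"`) flake-utils into the lock; adding `inputs.flake-utils.follows = "flake-utils";` to nixhelm would remove the registry lookup and one duplicate copy. The enclosing `inputs` set starts above this hunk.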
@@ -1,60 +1,80 @@ -{ self, flake-utils, kubenix, ... }: flake-utils.lib.eachDefaultSystem +{ self, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem (system: { kubenix = kubenix.packages.${system}.default.override { specialArgs.flake = self; module = { kubenix, ... }: { - imports = [ kubenix.modules.k8s ]; + imports = [ kubenix.modules.k8s kubenix.modules.helm ]; kubernetes.kubeconfig = "~/.kube/config"; kubenix.project = "home"; - kubernetes.resources = { - deployments.cyberchef.spec = { - replicas = 3; - selector.matchLabels.app = "cyberchef"; + kubernetes = { + namespace = "kubenix"; - template = { - metadata.labels.app = "cyberchef"; + resources = { + namespaces = { + kubenix = { }; - spec = { - containers.cyberchef = { - image = "mpepping/cyberchef"; + metallb-system.metadata.labels = { + "pod-security.kubernetes.io/enforce" = "privileged"; + "pod-security.kubernetes.io/audit" = "privileged"; + "pod-security.kubernetes.io/warn" = "privileged"; + }; + }; - ports = [{ - containerPort = 8000; - protocol = "TCP"; - }]; + + deployments.cyberchef.spec = { + replicas = 3; + selector.matchLabels.app = "cyberchef"; + + template = { + metadata.labels.app = "cyberchef"; + + spec = { + containers.cyberchef = { + image = "mpepping/cyberchef"; + + ports = [{ + containerPort = 8000; + protocol = "TCP"; + }]; + }; }; }; }; - }; - services.cyberchef.spec = { - selector.app = "cyberchef"; + services.cyberchef.spec = { + selector.app = "cyberchef"; - ports = [{ - protocol = "TCP"; - port = 80; - targetPort = 8000; - }]; - }; - - ingresses.cyberchef.spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "cyberchef.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "cyberchef"; - port.number = 80; - }; + ports = [{ + protocol = "TCP"; + port = 80; + targetPort = 8000; }]; - }]; + }; + + ingresses.cyberchef.spec = { + ingressClassName = "traefik"; + + rules = [{ + host = "cyberchef.kun.is"; + + 
http.paths = [{ + path = "/"; + pathType = "Prefix"; + + backend.service = { + name = "cyberchef"; + port.number = 80; + }; + }]; + }]; + }; + }; + + helm.releases.metallb = { + chart = nixhelm.chartsDerivations.${system}.metallb.metallb; + namespace = "metallb-system"; }; }; };